Cloud App Discovery - Link
- Discover applications in use and measure usage by number of users, volume of traffic or number of web requests to the application.
- Identify the users that are using an application
- Export data for addition offline analysis.
- Prioritize applications to bring under IT control and integrate applications easily to enable Single Sign-on and user management.

Automatic password rollover for group accounts - Link
The feature, which is designed to work with services such as Facebook, LinkedIn and Twitter, will permit single sign-on access by end users to an organization's social media account. Once the feature is enabled, it will automatically generate "strong" passwords that these end-users don't have to remember. A 16-character password gets randomly generated by the Azure AD service at each rollover time and it gets changed by the service automatically.

Azure AD Terms of use enables you to do the following:
- Require employees or guests to agree to your Terms of use before getting access.
- Present general Terms of use for all users in your organization.
- Present specific Terms of use based on a user attributes (ex. doctors vs nurses or domestic vs international employees, by using dynamic groups).
- Present specific Terms of use when accessing high business impact applications, like Salesforce.
- Present Terms of use in different languages.
- List who has or hasn't agreed to your Terms of use.
- Display an audit log of Terms of use activity.

SharePoint Limited Access - Link
How to - Link
Allow access to SharePoint and OneDrive from an unmanaged device by granting browser-only access with download, print, and sync disabled. Users can stay productive, and you can be assured that when they sign off, no data is leaked onto the unmanaged device.

OneDrive for Business Limited Access - Link
How to - Link
Allow access to SharePoint and OneDrive from an unmanaged device by granting browser-only access with download, print, and sync disabled. Users can stay productive, and you can be assured that when they sign off, no data is leaked onto the unmanaged device.

Privileged Identity Management - P2 only - Link
See which users are assigned privileged roles to manage Azure resources (Preview), as well as which users are assigned administrative roles in Azure AD
Enable on-demand, "just in time" administrative access to Microsoft Online Services like Office 365 and Intune, and to Azure resources (Preview) of subscriptions, resource groups, and individual resources such as Virtual Machines
See a history of administrator activation, including what changes administrators made to Azure resources (Preview)
Get alerts about changes in administrator assignments
Require approval to activate Azure AD privileged admin roles (Preview)
Review membership of administrative roles and require users to provide a justification for continued membership

Microsoft Cloud App Security integration - Link
Conditional Access App Control enables user app access and sessions to be monitored and controlled in real time based on access and session policies. Access and session policies are utilized within the Cloud App Security portal to further refine filters and set actions to be taken on a user. With the access and session policies, you can:
- Block on download:
- Protect on download:
- Monitor low-trust user sessions:
- Block access:
- Create read-only mode:
- Restrict user sessions from non-corporate networks: